Protecting Forum from being ripped

Discussion in 'Setting-up protection' started by beejeebers, May 7, 2009.

  1. beejeebers

    beejeebers Member

    Joined:
    Sep 14, 2007
    Messages:
    68
    I have a site where a member or group of members are constantly downloading the entire contents of my vbulletin forum and posting it on pirate sites. I have the forums protected with amember, but how can I:

    1.) See who is doing the downloads of the forums?
    2.) Stop them.

    I would like to visit their homes with a baseball bat and solve it that way, but I'm not 100% on who it is. Should I be looking at the server logs? They seem to be switching ips all the time.

    Help?
  2. miso

    miso aMember Pro Customer

    Joined:
    Aug 22, 2006
    Messages:
    543
    Well, the harsh truth is that if someone wants to rip all your content off for whatever reason, they will find a way... even if you put up a fight.

    With that said, you can probably try and figure out from server logs which browser they're using (as it's probably a 3rd party software) and then disable access to that software by checking for User-Agent (browser name):

    http://www.thesitewizard.com/apache/block-bots-with-htaccess.shtml
  3. beejeebers

    beejeebers Member

    Joined:
    Sep 14, 2007
    Messages:
    68
    Yeah, I've looked through the logs, but you go cross-eyed looking at those things for a long time. I was hoping there was some page or report that showed each user and how much they've downloaded. That would make it easy to spot the culprit(s).
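
The per-user report asked for above can be built from the access log itself. This is an added example, not part of the original posts: it groups requests by member name rather than by IP address, so switching IPs does not hide a bulk download. It assumes Apache "combined" log lines whose authenticated-user field carries the member name and vBulletin-style `showthread.php?t=` thread URLs; the sample lines and the user agent string are constructed.

```python
import re
from collections import defaultdict

# Constructed access-log lines (Apache "combined" format). Assumption: the
# third field (%u) carries the logged-in member name.
SAMPLE_LOG = '''\
203.0.113.5 - alice [07/May/2009:10:00:01 +0000] "GET /forum/showthread.php?t=101 HTTP/1.1" 200 18000 "-" "Mozilla/5.0"
203.0.113.5 - alice [07/May/2009:10:05:09 +0000] "GET /forum/showthread.php?t=102 HTTP/1.1" 200 21000 "-" "Mozilla/5.0"
198.51.100.7 - bob [07/May/2009:10:00:02 +0000] "GET /forum/showthread.php?t=101 HTTP/1.1" 200 18000 "-" "SiteCopier/1.0"
198.51.100.8 - bob [07/May/2009:10:00:03 +0000] "GET /forum/showthread.php?t=102 HTTP/1.1" 200 21000 "-" "SiteCopier/1.0"
192.0.2.44 - bob [07/May/2009:10:00:04 +0000] "GET /forum/showthread.php?t=103 HTTP/1.1" 200 15000 "-" "SiteCopier/1.0"
192.0.2.45 - bob [07/May/2009:10:00:05 +0000] "GET /forum/showthread.php?t=104 HTTP/1.1" 200 30000 "-" "SiteCopier/1.0"
198.51.100.7 - - [07/May/2009:10:00:06 +0000] "GET /forum/index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} (?P<size>\d+|-) "[^"]*" "(?P<agent>[^"]*)"')
THREAD_RE = re.compile(r'showthread\.php\?(?:[^ ]*&)?t=(\d+)')

def per_user_report(log_text):
    """Aggregate requests by member name instead of by IP address."""
    stats = defaultdict(lambda: {"bytes": 0, "threads": set(),
                                 "ips": set(), "agents": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["user"] == "-":      # skip malformed and anonymous hits
            continue
        s = stats[m["user"]]
        s["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        s["ips"].add(m["ip"])
        s["agents"].add(m["agent"])
        t = THREAD_RE.search(m["path"])
        if t:
            s["threads"].add(t.group(1))
    return stats

def suspects(stats, min_threads=3):
    """Members who pulled at least min_threads distinct threads, busiest first."""
    rows = [(user, len(s["threads"]), len(s["ips"]), s["bytes"])
            for user, s in stats.items() if len(s["threads"]) >= min_threads]
    return sorted(rows, key=lambda r: r[1], reverse=True)
```

Each row is (member, distinct threads, distinct IPs, bytes); a member with many threads fetched from many addresses in a short window is the pattern to look at first.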
  4. davidm1

    davidm1 aMember User & Partner

    Joined:
    May 16, 2006
    Messages:
    4,437
  5. tgobuzas

    tgobuzas aMember Pro Customer

    Joined:
    Aug 22, 2006
    Messages:
    11
    Only way I would suggest is to enforce in your Terms and Conditions of joining your site. Otherwise, you should ban those users.

    I have the same problem. One way I fixed that is by writing a very complex code to prevent scraping of any kind by preventing the client from using the select all and copy feature in windows. Not only did I prevent using right-click, I also disabled Ctrl-C or any ability to select any text or content. Lastly, disabling java also confused the user because they were still hampered.
  6. skippybosco

    skippybosco CGI-Central Partner Staff Member

    Joined:
    Aug 22, 2006
    Messages:
    2,526
    On one client install we added a user field that contained content unique to that user. When content was rendered on the pages, that unique content was added inline with the content (in a non-obvious way). As it did not disrupt the flow of the content (choose your words wisely!), the users were not aware that the fingerprinting was in place and as such they were able to easily identify the leak.
  7. kengary

    kengary aMember Pro Customer

    Joined:
    Nov 13, 2008
    Messages:
    231
    That's a very cool technique!
  8. miso

    miso aMember Pro Customer

    Joined:
    Aug 22, 2006
    Messages:
    543
    that is cool!

    can you expand on that in a way? some examples, maybe? I'm just curious now how they tracked that...
  9. skippybosco

    skippybosco CGI-Central Partner Staff Member

    Joined:
    Aug 22, 2006
    Messages:
    2,526
    It is fairly straightforward: they use WordPress as their CMS and make use of the WordPress PHP exec plugin. With it you are able to embed PHP code directly into your Posts. As such they are able to make use of the aMember user Array in their posts.

    The theme of your site should dictate the words you use as fingerprint for the user (and this field should obviously be hidden from user profile). Some examples to use for a pattern in your words are: a name for your examples, a name for a food, a website url, a number, etc.

    When choosing where to put the session variable into your post, be sure to pick an area that will sound natural based on your word themes.
  10. davidm1

    davidm1 aMember User & Partner

    Joined:
    May 16, 2006
    Messages:
    4,437
    You can also use html comments around the output so it won't show up on the page, but will be viewable in the source.

    David
  11. miso

    miso aMember Pro Customer

    Joined:
    Aug 22, 2006
    Messages:
    543
    ahh, I get that... but where does the tracking come from?

    as in, how do they realize, for example, that a person A has ripped the whole forum and all the posts from it?

    aside from getting that "rip" and just checking the code itself for the fingerprint, that is... because that would be obvious.
  12. skippybosco

    skippybosco CGI-Central Partner Staff Member

    Joined:
    Aug 22, 2006
    Messages:
    2,526
    As this technique was used within a WordPress site, not a forum, it was easy to embed the fingerprint within the content without it being obvious (that was the point). Granted, if users are actively comparing every post looking for commonality to sanitize then of course there is the possibility that they might catch on. To be honest, the success or failure of it is dependent on the creativity of the content producer in how and where they embed it and especially not to overuse it.

    In a forum situation it is a bit trickier as the content is a bit less controlled.

    The same premise applies, however, only via other methods:

    1) the use of one or more controlled users within your forum community that have the ability to post forum posts with active content (i.e. embedded session variables). This should be used sparingly to risk detection, but within key threads, etc. which are more attractive to be pirated.

    2) the use of content in and around elements of the forum itself (the name of the forums, the callouts, etc.). Again creativity is the key to success and detection prevention.

    This is by no means a surefire approach, especially if it is overused and becomes obvious.

    You are correct that this technique was used to identify the leak after the fact (for legal reasons). If you are looking for something a bit more real-time to alert you of when your content is being used, you could also consider services such as Copyscape. Obviously this doesn't work for protected sites or .zipped torrents.
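
The fingerprinting described in the posts above, sketched as an added example that is not the client's code or part of the original thread: each member gets one themed word per slot, the words are filled into otherwise identical text, and a leaked copy is matched back to the member. The word lists, the template sentence and the sequence-number assignment are assumptions made for illustration.

```python
import re

# Constructed word lists for a cooking-themed site. Each member gets one word
# per slot, kept in a hidden profile field (hypothetical field).
SLOTS = [
    ("name",   ["Marta", "Jonas", "Priya", "Oskar", "Lena", "Tomas", "Ines", "Ravi"]),
    ("dish",   ["risotto", "goulash", "paella", "ramen",
                "moussaka", "pierogi", "biryani", "gumbo"]),
    ("guests", ["6", "7", "8", "9", "11", "12", "14", "15"]),
]
TEMPLATE = "Say {name} is cooking {dish} for {guests} guests: scale the stock first."

def assign(seq):
    """Map a member's sequence number to a unique word combination."""
    words = {}
    for slot, options in SLOTS:
        seq, idx = divmod(seq, len(options))
        words[slot] = options[idx]
    if seq:
        raise ValueError("more members than word combinations; add a slot")
    return words

def render(seq):
    """What the member sees: the same paragraph with their own words filled in."""
    return TEMPLATE.format(**assign(seq))

def identify(leaked_text, member_seqs):
    """Return (best score, members with that score) for a leaked copy."""
    scores = {}
    for seq in member_seqs:
        scores[seq] = sum(
            bool(re.search(rf"\b{re.escape(w)}\b", leaked_text))
            for w in assign(seq).values())
    best = max(scores.values(), default=0)
    return best, sorted(s for s, h in scores.items() if h == best and best > 0)
```

With all three words intact the match is a single member; if the copy was partly sanitized, the result is the group of members sharing the surviving words, which is why several independent markers are worth more than one.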
  13. miso

    miso aMember Pro Customer

    Joined:
    Aug 22, 2006
    Messages:
    543
    Cool. Thanks...

    That's what I thought...

    Heck, I would go even as far as embedding a call back home, to a javascript library or .php file serving styles/javascript or something with ?XXX passed to it to keep track of the user ID# calling the page... and then just record all those IDs into the database for stats - and as soon as one of the ID's stats spike up through the roof you know someone's downloaded the content and shared it with enough people.

    Thanks for the idea... ;)
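
The call-home counting suggested in the last post, as an added example that is not part of the original thread: it counts how many distinct client addresses fetch the tracked resource with each member ID and flags IDs far above the typical member. The resource path `/assets/site.php`, the bare `?<member id>` query and the thresholds are assumptions; the log lines are constructed.

```python
import re
from collections import defaultdict
from statistics import median

# Assumed beacon URL: /assets/site.php?<member id>
BEACON_RE = re.compile(r'^(\S+) .*"GET /assets/site\.php\?(\d+) ')

def make_line(ip, member_id):
    """Build one constructed access-log line for the sample below."""
    return (f'{ip} - - [07/May/2009:10:00:00 +0000] '
            f'"GET /assets/site.php?{member_id} HTTP/1.1" 200 512')

# Constructed sample: three ordinary members, and one ID seen from 12 addresses.
SAMPLE = ([make_line("203.0.113.5", 1001), make_line("203.0.113.6", 1001),
           make_line("198.51.100.9", 1002),
           make_line("198.51.100.20", 1003), make_line("198.51.100.21", 1003)]
          + [make_line(f"192.0.2.{n}", 1004) for n in range(1, 13)]
          + ["malformed line that should be ignored"])

def distinct_sources(lines):
    """Member ID -> set of client addresses that requested the beacon with it."""
    sources = defaultdict(set)
    for line in lines:
        m = BEACON_RE.match(line)
        if m:
            sources[int(m.group(2))].add(m.group(1))
    return sources

def spiking(lines, factor=5, floor=5):
    """IDs whose distinct-address count is >= max(floor, factor * median)."""
    counts = {mid: len(ips) for mid, ips in distinct_sources(lines).items()}
    if not counts:
        return []
    threshold = max(floor, factor * median(counts.values()))
    return sorted((mid, n) for mid, n in counts.items() if n >= threshold)
```

Counting distinct addresses rather than raw hits keeps one member reloading pages from looking like a shared copy.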
